About this course

Course type Premium
Course code QAPENTEST
Duration 3 Days
Special Notices

We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. Delegates should have practical ‘hands-on’ experience of the Linux command line and Linux utilities. We recommend our Understanding Linux (Linux Primer) QALXPR-1 course.

This course, updated for 2017, covers the tools, techniques and procedures penetration testers use to test systems and networks of systems for vulnerabilities. It also covers vulnerability scanning and analysis tools, enabling delegates to correctly identify, assess and exploit vulnerabilities and present their findings.

Audience

This course is aimed at an introductory level, for those wishing to learn both the basic and the advanced tools and techniques used to identify and exploit vulnerabilities as part of a penetration test, covering both Linux and Windows operating systems. It is also suitable for individuals wishing to better defend their organisations and prepare ‘red team’ exercises.

Delegates will learn how to

  • Understand the methodical process of a penetration test
  • Enumerate information from network hosts, devices and online services
  • Conduct an infrastructure vulnerability scan using Nessus
  • Conduct a web application vulnerability scan using ZAP
  • Analyse, assess and triage vulnerabilities
  • Exploit vulnerabilities in web applications
  • Exploit vulnerabilities in system applications
  • Chain vulnerabilities and escalate privileges
  • Conduct an authentication test against system services
  • Conduct red team simulated attacks
  • Present findings

Course Outline

Module 1 - Information gathering

This module covers the various tools and methods used to find information useful to a penetration test. Delegates will be shown how to scan devices and services on the network, how to use online resources to enumerate as much information as possible, and how to use that information during a penetration test.

This module covers the following subjects:

  • The types of information useful to a penetration test
  • How to enumerate and fingerprint hosts and devices on the network
  • How to use Nmap to map networks and services
  • How to use online resources to disclose useful information
  • How to analyse and use information during a penetration test

Module 2 - Vulnerability scanning

This module covers the tools and techniques used to find vulnerabilities in both system and web applications and services on the network, using tools such as Nessus and Zed Attack Proxy to highlight potential vulnerabilities and interesting areas for testing.

This module covers the following subjects:

  • To understand the purpose of vulnerability scanning
  • To understand the different types of vulnerability scanners
  • To be able to research and check vulnerabilities online
  • To be able to configure and use Nessus vulnerability scanner
  • To be able to configure and use the ZAP web application vulnerability scanner
  • To be able to conduct an infrastructure vulnerability scan
  • To be able to conduct a web application vulnerability scan

Module 3 - Vulnerability analysis

This module covers the analysis of the results gained from each of the vulnerability and network scans, and how to quantify and triage that information based on severity, risk and ease of exploitation.

This module covers the following subjects:

  • How to understand the different types of vulnerabilities
  • How to prioritise and triage vulnerabilities
  • How to interpret and assess vulnerability results
  • How to identify areas of interest for testing/exploitation

Module 4 - Exploiting vulnerabilities

This module covers the various tools and methods used to exploit both system and web application vulnerabilities, using tools such as Metasploit, in order to verify vulnerabilities and eliminate false positives.

This module covers the following subjects:

  • To understand web application vulnerabilities
  • To be able to exploit web application vulnerabilities
  • To understand infrastructure vulnerabilities
  • To be able to exploit infrastructure vulnerabilities
  • To be able to chain exploits together and escalate privileges
  • To be able to test and exploit authenticated services

Module 5 - Red team simulated attacks

This module covers the various tools and techniques for conducting a red team simulated attack, covering some of the more advanced areas of penetration testing, using tools to strip secure communications, bypass AV and intercept credentials on the network.

This module covers the following subjects:

  • The difference between a penetration test and a red team simulated attack
  • How MITM attacks can be leveraged on the network
  • How to intercept and strip secure communications
  • How to intercept credentials on the network
  • How to generate stand-alone backdoors for Windows/Linux targets
  • How to obfuscate and bypass AV/IDS
  • How social engineering attacks work and how they can be leveraged
  • How physical attacks work and how they can be leveraged
  • To be able to present your findings and write reports

Learning outcomes

Over the course of these 5 modules, delegates will understand the various types of vulnerabilities that can be found in both system and web applications and be able to identify, assess, test and exploit those vulnerabilities. Delegates will gain hands-on experience using network and vulnerability scanners and exploitation frameworks, gain insight into some of the more advanced areas of penetration testing, and be able to present their findings.


This course is authored by QA

Delivery method

Classroom / Attend from Anywhere

Receive classroom training at one of our nationwide training centres, or attend remotely via web access from anywhere.
